Security Community Blog

Showing posts tagged with 11.x
Showing posts in English
kochc | 28 Jun 2011 | 1 comment

In response to the Win32/Popureb.e threat being propagated on the internet, Symantec's response was:

 

The Popureb family is nothing new and we have seen variants of this family for months. Most are detected as Trojan.Fakeav, but it appears this variant that MS has dubbed as “E” might be a little more severe. Everything that we have read says it does nothing that Trojan.Tidserv doesn’t already do.

 

In order to provide specific info on what MS is referring to in their “E” variant, Symantec needs to get the code from them. To that end Symantec has already asked them for it and is awaiting it from them.

Joao Costa | 13 Jun 2011 | 0 comments

Some random bit of knowledge that I ran across today while troubleshooting a Symantec Endpoint Protection Manager 11.x issue with a customer: 

Sometimes you may need to specify the Php.ini path in IIS (Handler Mappings of the Reporting virtual directory > edit the PHP entry) by adding the 8.3 path (short DOS path) to php-cgi.exe followed by the -c parameter and the 8.3 path to Php.ini (for more information check Specifying which php.ini the Endpoint Protection Manager (SEPM) Reporting website uses). This is useful or maybe even required if you have more than one PHP version installed on your server.

In this case I tried to find the 8.3 path of the SEPM folder to add it in IIS with the dir /X switch, but it simply didn’t exist. This particular SEPM folder didn’t have a short path.

...

Chad Dupin | 01 Jun 2011 | 0 comments

ITS Partner is looking to hire a few Symantec Security Consultants / Engineers.

 

Location

West Michigan / Grand Rapids, MI Area.

Job Summary

This position will be focused on the implementation of Symantec security products within various customer environments. Job responsibilities include assessing customer needs and expectations, designing solutions to meet those needs, and then implementing the design. In addition to these activities the consultant will participate in the sales process (proposal creation, presentations, sales calls, demos, etc.). This position has the opportunity to grow into a leadership role within ITS to help guide and direct the security team.

Preferred Technical Qualifications

  • Symantec Endpoint Protection
  • Symantec Endpoint Encryption
  • Symantec Data Loss Prevention
  • Control Compliance Suite
  • PGP

Technical Knowledge

...
w-d | 28 Apr 2011 | 0 comments

It happens many times that you try to install SEP or SEPM and at the end it rolls back.

To avoid losing time guessing what could be the cause of such an issue, it is worth finding the installation log and looking at it. It gives you much useful information and sometimes helps you to resolve the problem very quickly.

 

The installation log names for the above products are:

sep_inst.log for SEP

sepm_inst.log for SEPM

 

Usually they are stored in the temporary folders:

C:\Windows\temp

or

C:\Documents and Settings\User_Name\Local Settings\Temp (where User_Name is the currently logged-on user. You can open this temp folder by typing %temp% in Start -> Run)

 

If the installation log is not found in either of those locations, you can search for those names on your whole disk.

If it still cannot be found, you might have to force the...

jomargonzales | 06 Apr 2011 | 0 comments

I have discovered an online tool which is very useful in analyzing whether a file is malicious or not.

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

URL:

http://www.virustotal.com/

mon_raralio | 05 Apr 2011 | 2 comments

I'd like to share the free tools I downloaded from the Internet. These are the tools that I use almost on a daily basis in deployment and troubleshooting SEP clients for the past few months. All of these are freeware so you can use them as long as management approves. So, here goes:

  • PingInfoView - Used to ping multiple clients by list. Either hostname or IP and you can select either ping once or continuous and also set the maximum time to wait before timeout. This one doesn't get detected as malware by Symantec. I use this with the reports of non-reporting clients to check if they're online before starting up the Sylink replacer. You can copy or export the results into a spreadsheet.
  • PSList - a DOS utility from SysInternals that I use to show the running processes. Although you can use the tasklist in DOS which is already available in XP by default. I follow this with:
  • PSKill - a DOS utility from SysInternals to terminate processes on...
Maciej_Jedrzejczyk | 08 Apr 2011 | 0 comments

From time to time our customers contact us about a cooperation problem between the Symantec Endpoint Protection client and Windows operating systems in the Vista/7/2008 versions. This can take several forms: for example, the installation is interrupted, or after installation the SEP-related services show various error messages. The problem reappears even after several reboots.

What should be done in this situation?

First, let's check the product version.

Official support for more modern operating systems such as Windows Vista, Windows 7 or Windows Server 2008 / 2008 R2 is provided only from version RU5 onwards. Here is the list of versions that are compatible with these systems:

11.0.5002             RU5

11.0.600.550     ...

Vera | 13 Mar 2011 | 0 comments
Sydney Symantec Endpoint Protection user group meeting on 15 March, 2011 has been cancelled.  Please return for updates on the next user group meeting.
Mark Maynard | 10 Mar 2011 | 1 comment

We had a great Chicago Security & Compliance User Group meeting on March 8.  A fantastic presentation by Rich Bagurdes was very valuable and shows some real world examples of how to leverage all of SEP's features.  There was also another great presentation by Min about SEP 12.1 Amber that highlighted the new virtualization features and generated lots of additional questions and interest around the upcoming SEP 12.1  product.

Here are the available slides and even some video of the presentation.  Thanks go to everyone who participated to make this another great event.  I am looking forward to participating at the next one that is coming soon in August 2011.

Enjoy!

Mark

mon_raralio | 16 Feb 2011 | 0 comments

Good news from Microsoft.

In Windows XP, Windows Vista, and Windows Server 2003, AutoRun entries were populated for all devices that had mass storage and had a validly formatted AutoRun.inf file in the root directory. This included CDs, DVDs, USB thumb drives, external hard disks, and any volume that exposed itself as mass storage. This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives. Effectively, this prevents AutoPlay from working with USB media.

Effect on end users and end-user software

  • Many existing devices in market, and many upcoming devices, use the AutoRun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted.
  • Users who install this update will no longer receive a setup message that prompts...